Re: HELP!!! ASA Anyconnect VPN subnet cannot access LAN from Ryan West on 2014-05-29 (Ccielab archives 05/2014)

From: Ryan West <rwest_at_zyedge.com>
Date: Thu, 29 May 2014 11:30:11 +0000

I just checked release notes, is this an 8.3+ NAT issue or specific to 9.2?

Sent from handheld.

> On May 29, 2014, at 7:16 AM, "Carlos G Mendioroz" <tron_at_huapi.ba.ar> wrote:
>
> Haroon,
> whatever it was, would you consider sharing the experience ? Someone
> else could get into the same issue and learn from your experience!
> -Carlos
>
> Haroon @ 29/05/2014 02:22 -0300 dixit:
>> nevermind, I fixed the issue... asa9.2 nat will take some getting used
>> to!!!!
>>
>>
>>> On Wed, May 28, 2014 at 9:15 PM, Haroon <itguy.pro_at_gmail.com> wrote:
>>>
>>>
>>> Hello Experts,
>>>
>>> I need some help with AnyConnect VPN I configured on ASA 5510. Please see
>>> diagram to better understand below details. http://tinypic.com/r/9uvfix/8
>>>
>>> The configuration, from making connection to the ASA through the vpn
>>> client works fine. I can connect, authenticate (to local and LDAP), get an
>>> ip address but once it is connected, I cannot access local resources inside
>>> the network (LAN).
>>>
>>> The VPN is configured on the INSIDE interface of the ASA and then 1:1 NAT
>>> on Meraki MX90
>>>
>>> If I use LAN's DHCP server instead of the IP POOL on the ASA, I obviously
>>> get the same IP addresses as the LAN and local resource access (RDP,
>>> fileshares, etc.) works fine.
>>>
>>> On ASA I do have splittunnel enabled, I do have a route to the IP POOL
>>> subnet on meraki for local servers to get to the VPN subnet and also I have
>>> intra/inter interface traffic.
>>>
>>> Other than the VPN there is nothing else configured on the ASA.
>>>
>>> Considering the diagram, considering the fact that its only using one
>>> inside interface for VPN and VPN traffic basically makes U-Turn on ASA,
>>> what exactly do I need to do on the ASA to allow different subnet/VPN IP
>>> POOL to access inside resources?
>>>
>>> Any help/direction would be greatly appreciate.
>>>
>>> thanks,
>>>
>>> Haroon
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu May 29 2014 - 11:30:11 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 10 2014 - 13:43:09 ART